“If a security researcher was to discover a Pwnium-quality bug chain today, it’s highly likely that they would wait until the contest to report it to get a cash reward,” Willis wrote. “This is a bad scenario for all parties. It’s bad for us because the bug doesn’t get fixed immediately and our users are left at risk.”

It also increased the chance that the same bug might be submitted by more than one researcher, he wrote. Researchers had to attend the conference as well.

Now, researchers who find bugs in Chrome products can submit them under the Chrome Reward Program, Willis wrote, which has been around since 2010.

Awards range from a minimum of US$500 up to $50,000, with an unlimited reward pool. But Willis cautioned that Google’s lawyers say the program is “experimental and discretionary” and could be canceled or modified.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.